Log Analysis and Evaluation: Internet Explorer Problems

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.06.2010, 14:32 | #1
Internet Explorer Problems

Hello, recently my Internet Explorer just opens on its own and shows me some kind of advertising -.- it's annoying. I have already made a logfile, maybe someone can help me, that would be really nice.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:27:24, on 02.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\system32\mshta.exe
C:\Users\Florian\AppData\Local\Temp\Ajr.exe
C:\Users\Florian\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMes1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMes1.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMes1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Florian\AppData\Local\Temp\Ajr.exe
O4 - Startup: AutorunsDisabled
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 12824 bytes

Please help.
Regards, jacky
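A HijackThis log is read for a handful of patterns: a process or Run entry executing out of a Temp directory, a Run value name that looks machine-generated, orphaned CLSID registrations ("(no file)"), toolbars from adware vendors, and AppInit_DLLs entries. The following Python script is an added example, not part of the original post and not HijackThis code: it encodes those checks and runs them over a constructed sample of eight lines taken from the log above. The adware path list and the random-name heuristic are my assumptions, chosen to match what the thread treats as suspicious.

```python
"""Triage a HijackThis log: flag the entries an analyst looks at first."""
from __future__ import annotations

import re

# Constructed sample: eight lines copied from the HijackThis log posted above
# (one "Running processes" path plus R3/O2/O4/O20 entries), not the full log.
SAMPLE_LOG = r"""
C:\Users\Florian\AppData\Local\Temp\Ajr.exe
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Florian\AppData\Local\Temp\Ajr.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"""

# HijackThis entry: section code, " - ", payload.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# O4 payload: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Anything executing out of a user or system Temp directory.
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# Vendor path fragments treated as adware (assumption: my list, based on the thread's reply).
ADWARE_PATHS = ("\\ask.com\\", "\\conduit\\")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): a Run value name such as M5T8QL3YW3, i.e. a single
    token of 8+ characters mixing letters with at least three digits."""
    return (" " not in name and len(name) >= 8
            and sum(c.isdigit() for c in name) >= 3
            and any(c.isalpha() for c in name))


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (severity, log line, reason) for every entry worth a second look."""
    findings: list[tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            # No section code: a "Running processes" path.
            if TEMP_RE.search(line):
                findings.append(("high", line, "process running from a Temp directory"))
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O4":
            run = RUN_RE.match(body)
            if run is None:
                continue  # e.g. "O4 - Startup: AutorunsDisabled"
            if TEMP_RE.search(run.group("cmd")):
                findings.append(("high", line, "autostart points into a Temp directory"))
            if looks_random(run.group("name")):
                findings.append(("medium", line, f"random-looking Run value name {run.group('name')!r}"))
        elif kind in ("O2", "O3", "R3"):
            if body.endswith("(no file)"):
                findings.append(("low", line, "orphaned CLSID registration: file is gone, key remains"))
            if any(p in body.lower() for p in ADWARE_PATHS):
                findings.append(("medium", line, "toolbar/BHO from a vendor classified as adware"))
        elif kind == "O20":
            # AppInit_DLLs are loaded into every process that maps user32.dll;
            # verify each DLL even when the vendor name looks familiar.
            findings.append(("medium", line, "AppInit_DLLs entry: verify every listed DLL"))
    return findings


def high_priority(log_text: str) -> list[str]:
    """Just the lines an analyst would ask about first."""
    return [line for sev, line, _ in triage(log_text) if sev == "high"]


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

On the sample the two "high" findings are the same file, Ajr.exe, seen once as a running process and once as the HKCU Run entry with the machine-generated name; the two "(no file)" entries are clutter rather than infection, and the Ask.com BHO is the toolbar the reply asks to be uninstalled.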
02.06.2010, 19:49 | #2
Quote:

Upload these files:

Quote:

to VirusTotal - Free Online Virus and Malware Scan and have them analysed, then post the logs here.

Download, install and update Malwarebytes, run a "Full Scan" with it and post the log.

Uninstall this toolbar/program, it is adware: C:\Program Files\Ask.com\GenericAskToolbar.dll
02.06.2010, 20:07 | #3
OK, thanks for the quick reply, but what am I supposed to post, the analysis of the file on that site??? If so, for the first one it is this:

File Ajr.exe received 2010.06.02 18:58:33 (UTC)
Result: 20/41 (48.79%)

Antivirus | Version | Last update | Result
a-squared | 5.0.0.26 | 2010.06.02 | -
AhnLab-V3 | 2010.06.03.00 | 2010.06.02 | -
AntiVir | 8.2.2.4 | 2010.06.02 | TR/Crypt.XPACK.Gen2
Antiy-AVL | 2.0.3.7 | 2010.06.02 | -
Authentium | 5.2.0.5 | 2010.06.02 | W32/SuspPack.CJ.gen!Eldorado
Avast | 4.8.1351.0 | 2010.06.02 | -
Avast5 | 5.0.332.0 | 2010.06.02 | Win32:SuspBehav-C
AVG | 9.0.0.787 | 2010.06.02 | SHeur3.ABEL
BitDefender | 7.2 | 2010.06.02 | Gen:Variant.Renos.24
CAT-QuickHeal | 10.00 | 2010.06.02 | -
ClamAV | 0.96.0.3-git | 2010.06.02 | -
Comodo | 4980 | 2010.06.01 | -
DrWeb | 5.0.2.03300 | 2010.06.02 | Trojan.Packed.189
eSafe | 7.0.17.0 | 2010.06.01 | -
eTrust-Vet | 35.2.7524 | 2010.06.02 | Win32/FakeCodec.C!generic
F-Prot | 4.6.0.103 | 2010.06.02 | W32/SuspPack.CJ.gen!Eldorado
F-Secure | 9.0.15370.0 | 2010.06.02 | Gen:Variant.Renos.24
Fortinet | 4.1.133.0 | 2010.06.02 | -
GData | 21 | 2010.06.02 | Gen:Variant.Renos.24
Ikarus | T3.1.1.84.0 | 2010.06.02 | -
Jiangmin | 13.0.900 | 2010.06.02 | -
Kaspersky | 7.0.0.125 | 2010.06.02 | -
McAfee | 5.400.0.1158 | 2010.06.02 | -
McAfee-GW-Edition | 2010.1 | 2010.06.02 | Heuristic.BehavesLike.Win32.Obfuscated.H
Microsoft | 1.5802 | 2010.06.02 | TrojanDownloader:Win32/Renos.KF
NOD32 | 5167 | 2010.06.02 | a variant of Win32/Kryptik.ERJ
Norman | 6.04.12 | 2010.06.02 | Suspicious_Gen2.AYUBS
nProtect | 2010-06-02.01 | 2010.06.02 | Gen:Variant.Renos.24
Panda | 10.0.2.7 | 2010.06.02 | Suspicious file
PCTools | 7.0.3.5 | 2010.06.02 | -
Prevx | 3.0 | 2010.06.02 | High Risk Cloaked Malware
Rising | 22.50.02.04 | 2010.06.02 | Trojan.Win32.Generic.5206F5D3
Sophos | 4.53.0 | 2010.06.02 | Mal/FakeAV-CX
Sunbelt | 6394 | 2010.06.02 | VirTool.Win32.Obfuscator.hg!b (v)
Symantec | 20101.1.0.89 | 2010.06.02 | -
TheHacker | 6.5.2.0.292 | 2010.06.02 | -
TrendMicro | 9.120.0.1004 | 2010.06.02 | -
TrendMicro-HouseCall | 9.120.0.1004 | 2010.06.02 | -
VBA32 | 3.12.12.5 | 2010.06.02 | -
ViRobot | 2010.6.1.2333 | 2010.06.02 | -
VirusBuster | 5.0.27.0 | 2010.06.02 | -

Additional information
File size: 173056 bytes
MD5: c74ab909f050234e54af81213b6de5ca
SHA1: f126475be59e4deb9ffbfcc722081b679625d1ff
SHA256: 0e3419c1e2b1e64dad74a40a471d0cd6d0304292889b3509b4c69e8c66ece7db
ssdeep: 3072:QTZTkkd/G4BE5NqSISjI5KsMzeWb32c7AQtK8ax7:EZgkXcg1S0MNao9tK8
PEiD: -
PEInfo: PE structure information
(base data)
entrypointaddress: 0x200cf
timedatestamp: 0x4acf1ad3 (Fri Oct 09 11:13:23 2009)
machinetype: 0x14c (I386)
(4 sections)
name | viradd | virsiz | rawdsiz | ntrpy | md5
.text | 0x1000 | 0x27f2a | 0x28000 | 7.31 | 102839f620cdbf837f8acc61ed12420e
.rdata | 0x29000 | 0xeb8 | 0x1000 | 5.17 | 48d8b40ff1a551eae428464a212f9cbc
.tls | 0x2a000 | 0x1cd0d | 0xe00 | 2.08 | d3a568aae9f5ad6649d7e4c720a49a26
DATA | 0x47000 | 0x162 | 0x200 | 0.63 | 7b8a59353c1c156fd50bfa84f6483f38
(4 imports)
> KERNEL32.dll: GetACP, ReadFile, GetLocaleInfoA, VirtualAllocEx, GetCommandLineA, MoveFileA, SetErrorMode, SetLastError, LocalFree, WideCharToMultiByte, GetFileAttributesA, GlobalAddAtomA, VirtualFree, GetCurrentProcess, GetStartupInfoA, GetVersionExA, SetEvent, FormatMessageA, CloseHandle, SizeofResource, GetThreadLocale, WriteFile, LocalAlloc, ExitProcess, LoadResource, GetSystemDefaultLangID, EnterCriticalSection, MoveFileExA, FreeLibrary, InitializeCriticalSection, GetFileType, MulDiv, ExitThread, LoadLibraryA, lstrlenA, lstrcmpiA, HeapDestroy, GetProcessHeap, GetModuleFileNameA, VirtualQuery, GetTickCount, CreateThread, SetHandleCount, GetVersion, GetUserDefaultLCID, SetEndOfFile, GetModuleHandleA, HeapAlloc, LoadLibraryExA, WaitForSingleObject, SetThreadLocale, VirtualAlloc, lstrcpynA, lstrcmpA, LocalReAlloc, DeleteFileA, GetFileSize, GetCurrentProcessId, CreateFileA, FreeResource, RaiseException, FindFirstFileA, GetDiskFreeSpaceA, CompareStringA, GetFullPathNameA, FindClose, GlobalDeleteAtom, lstrcatA, lstrcpyA
> MSVCRT.dll: log10, _acmdln, memcpy, exp, memmove
> VERSION.dll: VerFindFileA, GetFileVersionInfoA, VerInstallFileA
> user32.dll: BeginPaint, GetMessagePos, GetMenuStringA, GetFocus, GetClassInfoA, GetWindowTextA, DrawTextA, GetScrollRange, GetMenuItemCount, GetScrollPos, GetMenu, GetSysColorBrush, CallNextHookEx, DefFrameProcA, GetSysColor, DrawFrameControl, DrawIconEx, RegisterClassA, DispatchMessageW, EnumChildWindows, GetDCEx, GetDlgItem, GetMenuItemInfoA, IsChild, MessageBoxA, DrawIcon, SystemParametersInfoA, GetParent, GetCapture, CheckMenuItem, GetActiveWindow, SetWindowTextA, EnumThreadWindows, EnableScrollBar, IsWindowEnabled, CreateWindowExA, GetWindow, IsDialogMessageA, ShowScrollBar, HideCaret, SetWindowLongA, GetKeyNameTextA, TrackPopupMenu, FrameRect, EqualRect, CharNextA, EnumWindows, DefMDIChildProcA, GetCursorPos, GetScrollInfo, GetLastActivePopup, GetClientRect, GetForegroundWindow, EnableMenuItem, CharLowerA, GetMenuState, SetWindowPos, GetCursor, GetDesktopWindow, GetClassLongA, GetPropA, BeginDeferWindowPos, CharLowerBuffA, DispatchMessageA
(0 exports)
RDS: NSRL Reference Data Set -
pdfid: -
trid: Win32 Executable Generic (58.5%); Clipper DOS Executable (13.8%); Generic Win/DOS Executable (13.7%); DOS Executable Generic (13.7%); Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck: publisher: n/a; copyright: n/a; product: n/a; description: n/a; original name: n/a; internal name: n/a; file version: n/a; comments: n/a; signers: -; signing date: -; verified: Unsigned
Symantec Reputation Network: Suspicious.Insight
Prevx: hxxp://info.prevx.com/aboutprogramtext.asp?PX5=1F6D32800002C698A4FF0296BF313300D335B53B

And the second:

Antivirus | Version | Last update | Result
a-squared | 4.5.0.50 | 2010.05.10 | -
AhnLab-V3 | 2010.05.26.00 | 2010.05.26 | -
AntiVir | 8.2.1.242 | 2010.05.26 | -
Antiy-AVL | 2.0.3.7 | 2010.05.26 | -
Authentium | 5.2.0.5 | 2010.05.26 | -
Avast | 4.8.1351.0 | 2010.05.26 | -
Avast5 | 5.0.332.0 | 2010.05.26 | -
AVG | 9.0.0.787 | 2010.05.26 | -
BitDefender | 7.2 | 2010.05.26 | -
CAT-QuickHeal | 10.00 | 2010.05.26 | -
ClamAV | 0.96.0.3-git | 2010.05.26 | -
Comodo | 4942 | 2010.05.25 | -
DrWeb | 5.0.2.03300 | 2010.05.26 | -
eSafe | 7.0.17.0 | 2010.05.25 | -
eTrust-Vet | 35.2.7511 | 2010.05.26 | -
F-Prot | 4.6.0.103 | 2010.05.26 | -
F-Secure | 9.0.15370.0 | 2010.05.26 | -
Fortinet | 4.1.133.0 | 2010.05.25 | -
GData | 21 | 2010.05.26 | -
Ikarus | T3.1.1.84.0 | 2010.05.26 | -
Jiangmin | 13.0.900 | 2010.05.24 | -
Kaspersky | 7.0.0.125 | 2010.05.26 | -
McAfee | 5.400.0.1158 | 2010.05.26 | -
McAfee-GW-Edition | 2010.1 | 2010.05.26 | -
Microsoft | 1.5802 | 2010.05.26 | -
NOD32 | 5146 | 2010.05.26 | -
Norman | 6.04.12 | 2010.05.26 | -
nProtect | 2010-05-26.01 | 2010.05.26 | -
Panda | 10.0.2.7 | 2010.05.26 | -
PCTools | 7.0.3.5 | 2010.05.26 | -
Prevx | 3.0 | 2010.05.26 | -
Rising | 22.49.02.03 | 2010.05.26 | -
Sophos | 4.53.0 | 2010.05.26 | -
Sunbelt | 6357 | 2010.05.26 | -
Symantec | 20101.1.0.89 | 2010.05.26 | -
TheHacker | 6.5.2.0.287 | 2010.05.25 | -
TrendMicro | 9.120.0.1004 | 2010.05.26 | -
TrendMicro-HouseCall | 9.120.0.1004 | 2010.05.26 | -
VBA32 | 3.12.12.5 | 2010.05.25 | -
ViRobot | 2010.5.20.2326 | 2010.05.26 | -
VirusBuster | 5.0.27.0 | 2010.05.26 | -

Additional information
File size: 2515552 bytes
MD5: 2833a262ca362ee3695cacd0580aa707
SHA1: 297834c3ba7ddc4ed4662c56468655b25c7b0d62
SHA256: 786d686a05edb50a9f8559c9675d68c3f74e8afb12aeee9636be046710b311a1
PEInfo: PE structure information
(base data)
entrypointaddress: 0x13291D
timedatestamp: 0x4BC6DD75 (Thu Apr 15 11:33:41 2010)
machinetype: 0x14C (Intel I386)
(5 sections)
name | viradd | virsiz | rawdsiz | ntrpy | md5
.text | 0x1000 | 0x166564 | 0x166600 | 6.61 | ce74b059617879c49c033b86075f1d5f
.rdata | 0x168000 | 0x7B827 | 0x7BA00 | 4.55 | daf95d19f4d313dfa5201866952f6cdc
.data | 0x1E4000 | 0x8AC4 | 0x6800 | 4.97 | e5005d09f41de4a7dbcbeb5877264ca3
.rsrc | 0x1ED000 | 0x5D258 | 0x5D400 | 5.97 | 1af2ff64a62aca7077fc55fb27329f36
.reloc | 0x24B000 | 0x1F4EC | 0x1F600 | 5.92 | 88d213f9fc06420d36cdc4586d91a8c3
(20 imports)
> advapi32.dll: OpenProcessToken, RegCreateKeyExA, RegSetValueExA, RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptAcquireContextA, CryptReleaseContext, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegOpenKeyExA, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegCloseKey, RegDeleteKeyA
> comctl32.dll: ImageList_Create, InitCommonControlsEx, CreateToolbarEx, PropertySheetW, CreatePropertySheetPageW, ImageList_ReplaceIcon, _TrackMouseEvent, -
> comdlg32.dll: GetOpenFileNameW
> crypt32.dll: CryptProtectData, CryptUnprotectData, CryptQueryObject, CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringA, CertGetNameStringW, CertFreeCertificateContext, CertCloseStore, CryptMsgClose
> dnsapi.dll: DnsQuery_A
> gdi32.dll: GetDeviceCaps, RealizePalette, SelectPalette, PlgBlt, SetLayout, PtInRegion, GetTextColor, GetBkColor, GetBkMode, ExcludeClipRect, SetRectRgn, OffsetRgn, FrameRgn, SetTextAlign, TextOutW, RoundRect, CombineRgn, GetPixel, CreateCompatibleBitmap, BitBlt, CreateRectRgn, Polygon, GdiFlush, SetPixel, GetObjectA, GetTextAlign, GetTextExtentPoint32W, GetLayout, Rectangle, SetBkColor, CreateCompatibleDC, DeleteDC, CreateSolidBrush, CreateFontIndirectW, CreatePen, SelectObject, MoveToEx, LineTo, DeleteObject, GetWindowOrgEx, SetWindowOrgEx, SetBkMode, SetTextColor, GetStockObject
> kernel32.dll: WideCharToMultiByte, GetTickCount, GetModuleHandleW, GetShortPathNameW, GetLongPathNameW, LocalFree, GetCurrentThreadId, lstrcpyA, lstrcpyW, CopyFileW, FindClose, FindNextFileW, GetCurrentProcessId, CloseHandle, ReleaseMutex, InterlockedDecrement, SetEndOfFile, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoA, InterlockedExchange, InitializeCriticalSectionAndSpinCount, SetFilePointer, FlushFileBuffers, GetConsoleMode, GetConsoleCP, LCMapStringA, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, HeapSize, LCMapStringW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, ExitProcess, VirtualAlloc, VirtualFree, HeapDestroy, HeapCreate, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetCommandLineA, ResumeThread, ExitThread, HeapReAlloc, HeapAlloc, RaiseException, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlUnwind, GetProcessHeap, HeapFree, MapViewOfFile, UnmapViewOfFile, OpenFileMappingW, CreateFileMappingW, ReleaseSemaphore, CreateSemaphoreW, SetEvent, GetCurrentThread, SetThreadPriority, TerminateProcess, CreateToolhelp32Snapshot, Thread32First, Thread32Next, OpenProcess, LocalAlloc, OutputDebugStringW, GetComputerNameW, GetSystemTimeAsFileTime, GetTempPathW, RemoveDirectoryW, GetFileTime, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, SizeofResource, CreateFileW, GetFileSize, GlobalAlloc, GlobalLock, ReadFile, MulDiv, LoadLibraryA, GlobalUnlock, GlobalFree, GetLastError, GetProcAddress, GetModuleHandleA, GetModuleFileNameW, WaitForSingleObject, CreateEventW, lstrlenW, MoveFileExW, GetModuleFileNameA, DeleteFileW, FreeLibrary, LoadLibraryW, FindFirstFileW, CreateThread, SetLastError, GetFileAttributesW, FreeResource, OpenMutexW, GetCurrentProcess, FlushInstructionCache, VirtualProtect, Sleep, ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, CreateMutexW, Beep, MultiByteToWideChar, GetLocalTime, GetDateFormatW, GetTimeFormatW, FindResourceW, LoadResource, LockResource, GetVersionExA
> msimg32.dll: GradientFill
> ole32.dll: CoCreateGuid, StringFromGUID2, CreateStreamOnHGlobal, GetRunningObjectTable, CoCreateInstance, IIDFromString, CLSIDFromString, CoUninitialize, CoInitialize, CoGetMalloc, StringFromIID
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> psapi.dll: EnumProcesses, GetModuleBaseNameW, EnumProcessModules, GetModuleFileNameExW, GetProcessMemoryInfo
> rpcrt4.dll: UuidToStringW
> shell32.dll: SHCreateDirectoryExW, SHGetFolderPathW, ShellExecuteExW, ShellExecuteW
> shlwapi.dll: SHDeleteKeyA, PathFileExistsW
> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW
> user32.dll: SetWindowTextW, GetClientRect, SetWindowTextA, wsprintfW, SetDlgItemTextW, SetWindowLongW, ShowWindow, PostMessageA, GetDlgCtrlID, CallWindowProcA, InvalidateRect, IsWindow, LoadCursorA, SetCursor, GetWindowLongW, GetParent, ReleaseDC, MoveWindow, ClientToScreen, SendMessageA, DrawTextW, GetDC, GetWindowRect, RegisterWindowMessageW, GetWindow, UpdateWindow, GetClassInfoExW, BeginPaint, RegisterClassExW, CopyRect, InflateRect, DrawFocusRect, CharUpperW, GetLastInputInfo, IsIconic, LoadImageW, SystemParametersInfoW, LoadCursorW, GetMessageW, PeekMessageW, GetWindowRgn, MessageBeep, GetActiveWindow, IsDialogMessageA, IsDialogMessageW, MessageBoxA, DialogBoxParamW, DialogBoxParamA, CreateDialogParamA, CreateDialogParamW, SetRectEmpty, GetKeyState, SetDlgItemInt, GetDlgItemTextA, FrameRect, DrawFrameControl, AllowSetForegroundWindow, CharLowerBuffA, DrawEdge, MsgWaitForMultipleObjects, PostThreadMessageA, SetParent, GetDlgItemTextW, GetScrollInfo, GetMenuItemRect, InsertMenuItemA, InsertMenuItemW, IsMenu, GetMenuInfo, SetMenuInfo, GetMenuItemID, GetMenuState, SetMenuItemInfoW, CheckMenuItem, EnableMenuItem, DeleteMenu, TrackPopupMenu, PostMessageW, GetMonitorInfoW, GetMenuItemCount, GetMenuItemInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, SetForegroundWindow, EnableWindow, IsDlgButtonChecked, CheckDlgButton, SetActiveWindow, TranslateMessage, GetMessageA, ReleaseCapture, GetCapture, DispatchMessageW, DispatchMessageA, SetCapture, GetUpdateRect, GetDlgItem, EndPaint, SetWindowRgn, SetRect, OffsetRect, DrawIconEx, GetIconInfo, DestroyIcon, GetSystemMetrics, FillRect, GetSysColor, PeekMessageA, MessageBoxW, DefWindowProcW, GetAsyncKeyState, SendMessageW, GetWindowTextLengthW, EndDialog, GetWindowTextW, FindWindowW, GetMenuItemInfoA, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, CreateWindowExW, UnregisterClassA, GetClassNameW, DefWindowProcA, GetWindowLongA, SetWindowLongA, GetFocus, IsChild, KillTimer, IsWindowUnicode, CallWindowProcW, FindWindowExW, GetWindowThreadProcessId, SetWindowPos, MonitorFromRect, GetMonitorInfoA, GetClassInfoW, RegisterClassW, DestroyWindow, SetTimer, GetDesktopWindow, SetFocus, GetCursorPos, ScreenToClient, PtInRect, IsWindowVisible
> version.dll: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
> wininet.dll: FindCloseUrlCache, DeleteUrlCacheEntry, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, InternetCanonicalizeUrlW, InternetCrackUrlW, InternetCloseHandle, InternetSetOptionExA, InternetConnectA, InternetGetLastResponseInfoA, HttpSendRequestA, HttpQueryInfoA, InternetOpenA, InternetSetOptionA, InternetGetConnectedState, InternetReadFile, GetUrlCacheEntryInfoW, InternetQueryOptionA, HttpOpenRequestA, InternetCrackUrlA, InternetOpenW, InternetSetOptionW, InternetOpenUrlW, InternetCanonicalizeUrlA
> winmm.dll: sndPlaySoundW, timeGetTime, PlaySoundW, PlaySoundA
> wsock32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
(1 exports)
> DllCanUnloadNow, DllConnectToIE, DllConnectionProc, DllGetClassObject, DllGetInstallFileNameExt, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate
TrID: File type identification
Windows OCX File (71.0%)
Win32 Executable MS Visual C++ (generic) (21.6%)
Win32 Executable Generic (4.9%)
Generic Win/DOS Executable (1.1%)
DOS Executable Generic (1.1%)
ssdeep: 49152:/QFIqHLT0LcY+8IWfYjp3NlKrWaX3bAhz/cvTVRkvzVQoQtkK96P:/urgIUImiKpX3bAhz/t
sigcheck:
publisher: Conduit Ltd.
copyright: Copyright (c) Conduit Ltd. 2008
product: Conduit Toolbar
description: Conduit Toolbar
original name: n/a
internal name: Conduit Toolbar
file version: 5, 5, 0, 10
comments: Conduit Toolbar ver 1.0
signers: Conduit Ltd.; VeriSign Class 3 Code Signing 2009-2 CA; Class 3 Public Primary Certification Authority
signing date: 11:49 PM 4/20/2010
verified: -
PEiD: -
RDS: NSRL Reference Data Set
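A raw count such as 20/41 is only half of the reading. What makes the Ajr.exe report conclusive is that several independent engines (BitDefender, F-Secure, GData, nProtect, Microsoft) name the same family, Renos, while the rest are generic packer or heuristic labels; the unsigned file, the 7.31-entropy .text section and the build-time mismatch only reinforce that. The second report deserves its own caveat: every engine row carries a 2010.05.26 date, a week before this post, which is what a cached VirusTotal result looks like, and a signed Conduit toolbar with zero detections is a question of unwanted software, not of antivirus signatures. As an added example, not part of the original post and not VirusTotal's own tooling, the following Python script turns a per-engine result list into a verdict by separating family names from generic vocabulary and counting agreement; the generic-token list and the thresholds are my assumptions, and the engine lists are a constructed subset of the rows posted above.

```python
"""Turn a multi-engine VirusTotal result list into a triage verdict."""
from __future__ import annotations

import re
from collections import Counter

# Constructed subset of the per-engine results posted above for Ajr.exe:
# (engine, result label); "-" is how the report marks "nothing detected".
AJR_RESULTS = [
    ("AntiVir", "TR/Crypt.XPACK.Gen2"),
    ("Avast", "-"),
    ("BitDefender", "Gen:Variant.Renos.24"),
    ("DrWeb", "Trojan.Packed.189"),
    ("eTrust-Vet", "Win32/FakeCodec.C!generic"),
    ("F-Secure", "Gen:Variant.Renos.24"),
    ("GData", "Gen:Variant.Renos.24"),
    ("Kaspersky", "-"),
    ("McAfee-GW-Edition", "Heuristic.BehavesLike.Win32.Obfuscated.H"),
    ("Microsoft", "TrojanDownloader:Win32/Renos.KF"),
    ("NOD32", "a variant of Win32/Kryptik.ERJ"),
    ("Panda", "Suspicious file"),
    ("Sophos", "Mal/FakeAV-CX"),
    ("Symantec", "-"),
    ("TrendMicro", "-"),
]
# Constructed: the second report (Conduit toolbar DLL) had no detection from any engine.
CONDUIT_RESULTS = [(engine, "-") for engine, _ in AJR_RESULTS]

# Assumption (my list, not VirusTotal's): tokens that say *how* a sample was
# flagged (packer, heuristic, behaviour, platform) rather than *which* family.
GENERIC_TOKENS = {
    "trojan", "trojandownloader", "win32", "generic", "variant", "heuristic",
    "behaveslike", "obfuscated", "obfuscator", "suspicious", "file", "packed",
    "crypt", "gen2", "kryptik", "susppack", "eldorado", "cloaked", "malware", "virtool",
}
TOKEN_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")


def family_tokens(label: str) -> list[str]:
    """Candidate family names in one label: tokens of 4+ characters that are
    neither all-caps variant suffixes (ABEL, ERJ, XPACK) nor generic vocabulary."""
    return [tok for tok in TOKEN_RE.findall(label)
            if len(tok) >= 4 and not tok.isupper() and tok.lower() not in GENERIC_TOKENS]


def summarize(results: list[tuple[str, str]]) -> dict:
    """Detection ratio plus a family consensus, so that 20/41 becomes a decision."""
    engines = len(results)
    hits = [label for _, label in results if label != "-"]
    votes: Counter[str] = Counter()
    named = 0
    for label in hits:
        fams = family_tokens(label)
        if fams:
            named += 1
            votes.update(set(fams))  # one vote per engine per family
    family, family_votes = votes.most_common(1)[0] if votes else (None, 0)
    ratio = len(hits) / engines if engines else 0.0
    if family_votes >= 3:
        verdict = "malicious"          # independent engines agree on a family
    elif ratio >= 0.25:
        verdict = "likely malicious"   # only generic/heuristic hits, but many of them
    elif hits:
        verdict = "inconclusive"
    else:
        verdict = "no detections"      # says nothing about unwanted-but-legal software
    return {"engines": engines, "detections": len(hits), "ratio": round(ratio, 3),
            "named": named, "family": family, "family_votes": family_votes,
            "verdict": verdict}


if __name__ == "__main__":
    for name, results in (("Ajr.exe", AJR_RESULTS), ("Conduit toolbar", CONDUIT_RESULTS)):
        print(name, summarize(results))
```

For the Ajr.exe subset the script reports 11 of 15 engines detecting, six of them with a family name and four agreeing on Renos, hence "malicious"; for the Conduit rows it reports "no detections", which is exactly as far as a signature scan can take a signed toolbar. Before trusting a zero like that, request a fresh scan rather than accepting a cached result.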